database

Auto Added by WPeMatico

Insecure Hadoop Servers Expose Over 5 Petabytes of Data

Insecure Hadoop Servers Expose Over 5 Petabytes of Data

An anonymous reader quotes the security news editor at Bleeping Computer:
Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a search engine for discovering Internet-connected devices. The expert says he discovered 4,487 instances of HDFS-based servers available via public IP addresses and without authentication, which in total exposed over 5,120 TB of data. According to Matherly, 47,820 MongoDB servers exposed only 25 TB of data. To put things in perspective, HDFS servers leak 200 times more data compared to MongoDB servers, which are ten times more prevalent… The countries that exposed the most HDFS instances are by far the US and China, but this should be of no surprise as these two countries host over 50% of all data centers in the world.

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Vermont DMV Caught Using Illegal Facial Recognition Program

Vermont DMV Caught Using Illegal Facial Recognition Program

schwit1 quotes a report from Vocativ: The Vermont Department of Motor Vehicles has been caught using facial recognition software — despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV’s database of names and driver’s license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that “The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers.” The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts

Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts

A popular font sharing site DaFont.com has been hacked, resulting in usernames, email addresses, and hashed passwords of 699,464 user accounts being stolen. ZDNet reports: The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums. The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site’s database. “I heard the database was getting traded around so I decided to dump it myself — like I always do,” the hacker told me. Asked about his motivations, he said it was “mainly just for the challenge [and] training my pentest skills.” He told me that he exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.” The hacker provided the database to ZDNet for verification.

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Azure Goes Database Crazy With One New NoSQL, Two New SQL Services

Azure Goes Database Crazy With One New NoSQL, Two New SQL Services

An anonymous reader quotes a report from Ars Technica: In its continued efforts to make Azure a platform that appeals to the widest range of developers possible, Microsoft announced a range of new features at Build, its annual developer conference. Many of the features shown today had a data theme to them. The most novel feature was the release of Cosmos DB, a replacement for, or upgrade to, Microsoft’s Document DB NoSQL database. Cosmos DB is designed for “planet-scale” applications, giving developers fine control over the replication policies and reliability. Replicated, distributed systems offer trade-offs between latency and consistency; systems with strong consistency wait until data is fully replicated before a write is deemed to be complete, which offers consistency at the expense of latency. Systems with eventual consistency mark operations as complete before data is fully replicated, promising only that the full replication will occur eventually. This improves latency but risks delivering stale data to applications. Document DB offered four different options for the replication behavior; Cosmos DB ups that to five. The database scales to span multiple regions, with Microsoft offering service level agreements (SLAs) for uptime, performance, latency, and consistency. There are financial penalties if Microsoft misses the SLA requirements. Many applications still call for traditional relational databases. For those, Microsoft is adding both a MySQL and a PostgreSQL service; these provide the familiar open source databases in a platform-as-a-service style, removing the administrative overhead that comes of using them and making it easier to move workloads using them into Azure. The company is also offering a preview of a database-migration service that takes data from on-premises SQL Server and Oracle databases and migrates it to Azure SQL Database. Azure SQL Database has a new feature in preview called “Managed Instances” that offers greater compatibility between on-premises SQL Server and the cloud variant, again to make workload migration easier.

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers

An anonymous reader quotes a report from Ars Technica: It’s been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia’s servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin’s lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. “We’ve been asking the court for help since 2012,” said EFF attorney Mitch Stolz in a statement about the petition. “It’s deeply unfair for him to still be in limbo after all this time.”

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Microsoft Will Support Python In SQL Server 2017

Microsoft Will Support Python In SQL Server 2017

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld:
Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn’t limited to enterprise editions of SQL Server 2017, either — it’ll also be available in the free-to-use Express edition… Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it’ll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database…

An existing Python installation isn’t required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.

Except it’s not yet available for Linux users, according to the article. “Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python.”

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database
Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears

Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears

The House oversight committee claims the FBI’s facial recognition database is out of control, noting that “no federal law controls this technology” and “no court decision limits it.” At last week’s House oversight committee hearing, politicians and privacy campaigners presented several “damning facts” about the databases. “About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports,” reports The Guardian. “The algorithms used to identify matches are inaccurate about 15% of the time, and are most likely to misidentify black people than white people.” From the report: “Facial recognition technology is a powerful tool law enforcement can use to protect people, their property, our borders, and our nation,” said the committee chair, Jason Chaffetz, adding that in the private sector it can be used to protect financial transactions and prevent fraud or identity theft. “But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public.” Furthermore, the rise of real-time face recognition technology that allows surveillance and body cameras to scan the faces of people walking down the street was, according to Chaffetz, “most concerning.” “For those reasons and others, we must conduct proper oversight of this emerging technology,” he said.

Read more of this story at Slashdot.

Go to Source

Posted by amiller in Blog, database